cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Advocate I
Advocate I

Access Sharepoint List freely like an owner - as a user via PowerApps

Hello everyone

I and my team encountered some bug.

Suppose I'm a list user (I can use PowerApps application that connected to the list), and I know the list exact URL

Ex: https://mycompany.sharepoint.com/sites/SiteName/Lists/ListName/AllItems.aspx

I can't access the list directly, only interact with it via PowerApps

But, if I create a new PowerApps application, choose SharePoint connector, and paste in the link. I can connect my app to the List and can freely access the data like an owner.

We tried to restrict 'Create PowerApps application' but it's impossible.

My company use SharePoint list to store a lot of important data so this is very important.

Thank you!

8 REPLIES 8
Highlighted
Dual Super User
Dual Super User

Re: Access Sharepoint List freely like an owner - as a user via PowerApps

Hi @hexagon 

 

Power Apps will always respect SharePoint permissions and when connecting to SharePoint it will always do so under the context of the user who is using the App.

 

So if your users are having full access on the SharePoint list data from Power Apps, that also means they have full access on the SharePoint list

 

--------------------------------------------------------------------------------
If this post helps answer your question, please click on “Accept as Solution” to help other members find it more quickly. If you thought this post was helpful, please give it a Thumbs Up.

Thanks,
Reza Dorrani, MVP
YouTube
Twitter

Highlighted
Advocate I
Advocate I

Re: Access Sharepoint List freely like an owner - as a user via PowerApps

Users in my company don't have full access to SharePoint list, they are denied from viewing it directly on SharePoint. They can only interact with it via PowerApps. (they can only use some rows, other rows belong to other users)

But now, they can create a new PowerApps application of their own and connect to the List by pasting in the exact URL. They can view anything inside the list, ( by attaching it to a Gallery or so)

Highlighted
Super User
Super User

Re: Access Sharepoint List freely like an owner - as a user via PowerApps

Sorry, not sure I follow 100%

  1. User with list permissions can access list only via the Power App but not via SharePoint
  2. User without list permissions can still access the list via Power App

The SharePoint connector runs under the context of the logged in user for PowerApps. This is often a problem because we would like to enforce the behaviour in point 1 - i.e. restrict users to only accessing the list via the Power App because the Power App applies some business logic that we don't want users bypassing by opening lists directly in SharePoint.

Two suggestions

  1. Try your scenario again using a new list and be wary of browsers caching credentials (you may think you are connecting as a 'test' user with limited permissions but the browser is using your normal credentials) - this has caught me out before.
  2. If this data is important to the company I'd suggest storing in a proper database and not in SharePoint.
Highlighted
Super User
Super User

Re: Access Sharepoint List freely like an owner - as a user via PowerApps

If you cannot see your teamsite how do you create your lists?

 

User do not need full access to SP.  They need at least Contribute permissions to write and read.  Contribute would be sufficient for a user to build an app over the top.  If you want to restrict to specific users of a list,  then you need to change teh permissions to that list by removing the Hierarchy and then Grant Permissions to those users.

 

PowerApps assumes you ability to build apps over data sources based on the permission of the data source. You then can restrict those users in your shares of the apps

 

Here is one for you to try.  If you have teams - create a new team.  Every Team by default creates Teams Site in SP.  If you created the team you are then the owner of the SP Team site as well.  You can go to this team site but Selecting your Team then one of teh channels,  then the three dots menu.  This will have a choice to open in SharePoint.  Would be interetsed if you cann see that as well

Highlighted
Advocate I
Advocate I

Re: Access Sharepoint List freely like an owner - as a user via PowerApps

Sorry I don't really understand what you said.

As users in my company are only allow to interact with SharePoint List via PowerApps that are create by us (the dev team) (they cannot see it all directly in sharepoint website).

But if they use the trick they can see and manipulate the list freely

The trick here is to create a new app and connect to sharepoint (they can't find the list but they can paste in the link of the list and connect).

In their new app they can do anything with the list

Highlighted
Super User
Super User

Re: Access Sharepoint List freely like an owner - as a user via PowerApps

I'm afraid I think the trick is in the way that you are hiding the SP Lists from the users.

You are using a hack to try to get the behaviour that you want/need, but it is not 100% effective as SharePoint is not supposed to work that way.

If your data is important and you need proper control over it, it should be in a real database. Of course that also means moving to premium licensing (as database connectors are no longer included in standard license anymore) or moving to a different development tool.

Highlighted
Advocate I
Advocate I

Re: Access Sharepoint List freely like an owner - as a user via PowerApps

Thank you!

But, if SharePoint list is supposed to work that way! Is there any way to restrict users from creating new PowerApps application?

Highlighted
Super User
Super User

Re: Access Sharepoint List freely like an owner - as a user via PowerApps

Governance/Admin is not my strong suit, so hopefully someone will correct me if I am wrong, but I don't think you can. All users with a Power Apps 'license' applied (including the 'seeded' license required to run Power Apps) in O365 Admin centre can create Apps in the Default environment (you can lock them out of other environments, but not Default).

As far as I know, you cannot make a SharePoint list environment specific.

So you cannot prevent a user from getting to a SharePoint list where they have permissions and you cannot prevent a user with access to run Power Apps from also creating Power Apps and connecting them to SharePoint lists and editing any records to which they have permissions.

Sorry, but IMO SharePoint is completely unsuited to serious data requirements and you will just create a lot of work for yourself by trying to get it to work the way you want/need.

Helpful resources

Announcements
secondImage

New Return to Workplace

Reopen responsibly, monitor intelligently, and protect continuously with solutions for a safer work environment.

August 2020 CYST Challenge

Check out the winners of the recent 'Can You Solve These?' community challenge!

Experience what’s next for Power Apps

Join us for an in-depth look at the new Power Apps features and capabilities at the free Microsoft Business Applications Launch Event.

Check this Out

Helpful information

Featuring samples like Return to the Workplace and Emergency Response Applications

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Top Solution Authors
Users online (4,198)